My client provided me with a private key to connect to the web service. Can you help me how I can use it to get information and use it in my .NET program.
I tried to add it to my certificates, but I still didn't get the right answer.
Related
In cloud foundry how can I get the client_id and client_secret code.
This will be used in Basic authentication instead of passing the user and password for respective api calls
In general, this is something that you would get from your platform administrator. He or she would be able to provide you with a properly configured client id and client secret to fit your needs. If you are not the administrator, then you won't be able to do this.
If you are an administrator, read on. There are many existing client and secret pairs within a Cloud Foundry platform. It's also possible, and suggested, to create custom client and secret pairs for use with non-platform apps. You shouldn't use a platform client for your custom app, you should use your own custom client, that way if the client is compromised you can delete it or change the secret.
All of this, viewing & managing client data, is done through UAA, so I'd recommend starting with the docs on UAA. Make sure that you understand the concepts. You may even want to take a step further back and review concepts of OAuth2 as well. Understanding OAuth2 will make working with UAA much easier.
https://docs.cloudfoundry.org/uaa/uaa-overview.html
After that, you'll need the uaac (i.e. UAA client) installed.
https://github.com/cloudfoundry/cf-uaac
Once you're familiar with UAA & have the client installed, this doc on how to manage clients should provide you with instructions to view or create a new client.
https://github.com/cloudfoundry/uaa/blob/master/docs/Sysadmin-Guide.rst#manage-client-registrations
You will need admin role to be able to create a client or get its details.
Refer https://docs.cloudfoundry.org/api/uaa/version/4.7.1/index.html#clients to see various api to manage and create clients.
You can also use the uaa client to get the client details.
Refer https://docs.cloudfoundry.org/uaa/uaa-user-management.html for more info.
I am looking to access a local instance of Couchbase Server through its REST API. The HTTP GET requests are sent from Java.
The problem I am currently running into has to do with authorization.
Specifically, I have managed to use Couchbase's Basic Authorization, but only by obtaining the hashed credentials (bG9jYWw6dHdlZXRzOnBBc3Mx in the example linked to above) by monitoring a Couchbase browser session using Chrome's developer tools and inspecting the request headers.
Now, another Couchbase article mentions that Couchbase uses SHA-1 in compliance with SCRAM. However, no mention is made of how to obtain the 'salt' and 'iterations' parameters from Couchbase. Which, I assume I need to go from the credentials to the challenge solution (i.e. hashed string)
So, the question is as follows: how to get from the credentials (user="local:tweets", pass="pAss1") (from the example of the first link) to bG9jYWw6dHdlZXRzOnBBc3Mx?
Thanks in advance,
Thomas
SCRAM SHA-1 support is only for the Data (K/V) service and only through certain Couchbase SDKs which use the memcached binary protocol. The Java SDK does have support for SCRAM SHA-1.
The REST interface you appear to be using is N1QL's API. That does not support SCRAM SHA auth.
If you're looking to give some other application HTTP access, my recommendation would be to write a small Java app with Spring Boot or the like and use the Java SDK from there. Then you have complete control over how auth is done at the REST interface. A colleague wrote one of these just the other day. Note that even in this case, the Java SDK won't be using SCRAM when running N1QL queries, but you can use that as a point of control.
We have identity server V3 used inside my web application. We would like to use same identities to communicate with sharepoint 2016. Any repository or doc available on how to implement single sign on for sharepoint 2016 and Identity server V3 ?
You'd have to research how to get sharepoint to use IdentityServer as its identity provider.
I prototyped SSO in a test SharePoint 2010 environment a few years and used the links below for assistance. Some of the information may be outdated but I think the relationship between the STS (which in this case would be Identity Server V3 - Thinktecture) and SharePoint has not changed.
I am currently setting up SSO with our SharePoint application as well as other applications. I am using Azure Access Control Service (ACS) to act as a repository for all of the Identity Providers we would like to use. The providers are Facebook,Google,Windows Live ID and LinkedIn. ACS allows you to add custom Identity Providers as well. We have a CRM application that we currently authenticate against within our SharePoint application using claims and forms based authentication. This will be a custom identity provider defined in ACS. I am beginning to work with Thinktecture to be the identity provider that will sit on top of our CRM application. Users will then be able to login to SharePoint with any of the identity providers specified in ACS. We will see how it goes but I believe this will work. I would start with the General HowTos to using STS in SharePoint link.
FederationMetaData.xml editing
http://stsmetadataeditor.codeplex.com/documentation
http://social.msdn.microsoft.com/Forums/is/Geneva/thread/c0791595-2e0d-48cb-82f0-8e0f0bc1809a
http://jefferytay.wordpress.com/2012/05/03/windows-identity-foundationupdating-an-expired-issuer-certificate/
Regarding the "The issuer of the token is not a trusted issuer" error message.
search string - sharepoint 2010 The issuer of the token is not a trusted issuer
http://social.msdn.microsoft.com/Forums/en-ZA/sharepoint2010general/thread/f7dbbf1b-f616-4b24-ae0c-e8c76aa300d5
FedUtil.exe Information
http://msdn.microsoft.com/en-us/library/ee517284.aspx
General HowTos to using STS in SharePoint
http://msdn.microsoft.com/en-us/library/ff955607.aspx
According to the documentation it only seems possible to authenticate against the windows azure service management API by attaching a certificate to each request which I previously have uploaded to the management portal.
The new management API has been built using the service management API, but it uses windows live authentication. Is it possible to use windows live to get the windows azure subscription ID and the certificate, so I can use the same authentication mechanism the management portal uses?
What makes you think that the Service Management API uses Live ID for authentication? It is just the portal that uses Live ID for authentication.
If you dig a bit you will notice that all the service requests from the management portal are made against https://manage.windowsazure.com/Service while The Base URI for management service is: https://management.core.windows.net
So, No, you can't authenticate against the Management API with Live ID. Moreover, it is the Management API is not new. The portal is New. The management API has been there for a while and is updated from time to time to reflect new services that are coming.
UPDATE AFTER THE 2 COMMENTS
Following Gaurav's explanation I will just add a simple architecture diagram (super simplified and totally my thought, but this is how would I build it in very minimalistic way):
[User's browser (portal)] ==> Sends XmlHttpRequest (AJAX) to ==> [Portal Service]
then
[Portal service backend] ==> signs request with predefined certificate and sends request to ==> [management.core.windows.net/subscription-id/whatever/service/command]
This actually is a very common practice to provide UI to a (web) service.
This way both conditions are implemented:
You use Live ID to authenticate with the portal
The Windows Azure Service Management API are yet, still and only protected by a Certificate.
I have a custom STS built with WIF. If I have the Relying Party and STS on the same server, I can get it working.
However, I'm getting ID4036 errors when using a remote machine. As I have dug into it, I found that by default in my STS was always encrpyting the outbound token with a local certificate rather than the certificate requested by the Relying Party. One solution would be to install the certiicate used by the Relying Party (public key only) on the STS and code the STS to use that certificate.
However, that creates a problem as I add other Relying Parties on different servers.
Here's an Example:
STS on MySTS - signs tokens with SigningCert.
Relying Party on MyWebServer01 - wants to encrypt/decrypt with MyWebServer01Cert (owns public / private key)
I can install MyWebServer01Cert on MySTS and set the STS to use that for encrypting tokens, and everything should work. However, let's say I want to add a Relying Party application to MyWebServer02. It will not work unless I install the public and private key of MyWebServer01Cert.
I would think that you can simply transmit the public key to the STS and each RP can use it's own - somewhat like SSL. Is this not the case?
Any help / suggestions would be appreciated.
First of all, for encryption only the public key is needed. You actually never want to give away the private key of a certificate.
If you use the WS Federation protocol (usually used for STS scenarios on web sites) the request to the STS is not sent by your RP server, but by the browser of the user. I doub't that you call tell the browser to use the public key of the previous site for communication over https. The encrypted token on the other hand is decrypted by the rp server (meaning that the RP server must know the private key of the certificate used to encrypt the token).
Taking this circumstances into account I am pretty much sure that the public key of the certificate of the RP must be present on the STS and can not be included in the request. Everything else would probably be a dirty hack only working with your custom STS (e.g. including the public key as a paramter).
At least for "passive sign-in" scenarios. For WCF you could attach the certificate of your server as client certificate to your request. But I haven't tried this by myself.